腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2016/12/24

Mikhail Davidov @sirus

[ Browser ] Just released my @ Peach_Fuzzer pit for the HTTP/2 protocol targeting Microsoft Edge! https://github.com/sirusdv/EdgeHTTP2Fuzzer

"HTTP/2 Peach Pit for Microsoft Edge： https://t.co/onSh1dCz0R"
Francesco Mifsud @GradiusX

[ Hardware ] @ HackSysTeam Extreme Vulnerable Driver Python Solutions https://github.com/GradiusX/HEVD-Python-Solutions

"HEVD Python Solutions： https://t.co/xHENBY7PyH"
Nicolas Krassas @Dinosn

[ MachineLearning ] Awesome Machine Learning for Cyber Security https://github.com/jivoi/awesome-ml-for-cybersecurity

"网络安全之机器学习资源集： https://t.co/Ei7EGIfQps "
Project Zero Bugs @ProjectZeroBugs

[ macOS ] ipc_port_t reference count leak with nested MIG methods leads to OS X/iOS kernel UaF https://bugs.chromium.org/p/project-zero/issues/detail?id=926

"nested MIG 方法中的 ipc_port_t 引用计数泄露导致的 OS X/iOS 内核 UaF 漏洞（CVE-2016-7612）： https://t.co/TitjKqqezr"
Nicolas Krassas @Dinosn

[ macOS ] macOS < 10.12.2 / iOS < 10.2 Kernel Mach Port Name uref Privilege Escalation https://cxsecurity.com/issue/WLB-2016120133

"macOS < 10.12.2 / iOS < 10.2 Kernel Mach Port Name uref 提权漏洞： https://t.co/WmMYeszQ2d"
John Lambert @JohnLaTwC

[ Malware ] #PowerShell malware stealing credentials: https://twitter.com/JohnLaTwC/status/780111723176919040, http://pastebin.com/R8wqMKYP

"PowerShell 恶意软件窃取凭据︰ https://t.co/nBR9ZAZdIA、 https://t.co/eidogLbjQs"
Unit 42 @Unit42_Intel

[ MalwareAnalysis ] Unit 42's review of regional malware trends in EMEA http://oak.ctx.ly/r/5buxh #Unit42

"Unit42 回顾分析欧洲、中东、非洲地区的恶意软件趋势： https://t.co/W5GERNvb29 "
John Lambert @JohnLaTwC

[ MalwareAnalysis ] Symantec report on #PowerShell malware: https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf

"Symantec 针对 PowerShell 恶意软件的分析报告︰ https://t.co/0cgSMsUmUi"
McAfee Labs @McAfee_Labs

[ MalwareAnalysis ] Malware can use several mechanisms to avoid detection and analysis. We classify these techniques into 3 categories:… https://twitter.com/i/web/status/812162342494568448

"McAfee 针对恶意软件对抗技术进行了总结： https://t.co/aAo2Z20MoA"
Hector X. Monsegur @hxmonsegur

[ Operating System ] Published: AIX Bug Hunting Part 2 – Bellmail Privilege Escalation (CVE-2016-8972) https://rhinosecuritylabs.com/2016/12/21/unix-nostalgia-aix-bug-hunting-part-2-bellmail-privilege-escalation-cve-2016-8972/ PoC at: https://t.co/YbqDd6aQUh

" IBM AIX 6.1/7.1/7.2 操作系统 Bellmail 提权漏洞分析 (CVE-2016-8972) https://t.co/tjcTNwBs2u PoC ︰ https://t.co/YbqDd6aQUh"
Full Disclosure @SecLists

[ Others ] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto https://goo.gl/fb/eD7HPn #FullDisclosure

"Apache mod_session_crypto 模块存在 Padding Oracle 漏洞（CVE-2016-0736）： https://t.co/ig762WPhEw "
John Lambert @JohnLaTwC

[ Others ] #Powershell threat targeting Brazil: https://twitter.com/JohnLaTwC/status/793163947356532736, http://pastebin.com/KiWD1juJ

"针对巴西的 Powershell 威胁︰ https://t.co/ZzqF1faN4Y、 https://t.co/RewyWyys3M"
John Lambert @JohnLaTwC

[ Others ] Some #PowerShell payloads I’ve seen in the wild: http://pastebin.com/juC4CkQG and http://pastebin.com/R75bqYkL

"一些在野外的 PowerShell payloads︰ https://t.co/d2aH7dnUN7 https://t.co/fHwXgAkJlN"
Jeff Dimmock @bluscreenofjeff

[ Others ] [blog] Apache mod_rewrite Grab Bag — payload hot-swapping & file ext obfuscation, 404 redirect, HTTP method blocking https://t.co/IRflwUjofh

" Apache mod_rewrite 模块使用技巧： https://t.co/IRflwUjofh"
Sebastian Lekies @slekies

[ Others ] Bypassing CSP script nonces via the browser cache: http://sebastian-lekies.de/csp/attacker.php. Nonces are incompatible with most caching mechanisms. #CSP

"通过浏览器缓存绕过 CSP script nonces ︰ https://t.co/baYecq1ibD"
Nicolas Krassas @Dinosn

[ Others ] Basics of Making a Rootkit: from syscall to hook https://d0hnuts.com/2016/12/21/basics-of-making-a-rootkit-from-syscall-to-hook/

"自制基础款 Rootkit︰从 syscall 到 hook： https://t.co/geM12dLByt"
Cristiano Giuffrida @c_giuffrida

[ Others ] Our #NDSS17 VUzzer paper on application-aware evolutionary fuzzing is now online: https://vusec.net/download/?t=papers/vuzzer_ndss17.pdf

"VUzzer: Application-aware Evolutionary Fuzzing︰ https://t.co/wPnPdmOz8b"
Nicolas Krassas @Dinosn

[ Tools ] Noriben - Portable, Simple, Malware Analysis Sandbox http://www.kitploit.com/2016/12/noriben-portable-simple-malware.html

"Noriben -- 基于 python 脚本，与 Sysinternals Procmon 协同工作并可以自动收集，分析并报告运行中的恶意软件状况： https://t.co/2RiISrOnhz"
Mathias Bynens @mathias

[ Tools ] To create JavaScript regular expressions that match a list of… …symbols, use https://github.com/mathiasbynens/regenerate …words, use https://t.co/crG7u70ZTM

"regenerate -- 基于给定的 Unicode 符号生成 JS 正则表达式： https://github.com/mathiasbynens/regenerate"
Jerry Gamblin @JGamblin

[ Tools ] Python JSON Fuzzer: https://github.com/mseclab/PyJFuzz

"JSON Fuzz 工具: https://t.co/OBQ5fiYq5G"
Evilcry_ @Blackmond_

[ WirelessSecurity ] Bluetooth Attacks on Commercial-Grade Electronic Locks - http://www.somersetrecon.com/blog/2016/10/14/electronic-safe-lock-analysis-part-2-

"电子安全锁分析（Part 2）： https://t.co/6NUZvDwJ4w Part 1： http://www.somersetrecon.com/blog/2016/6/7/electronic-safe-lock-analysis-part-1-teardown"
雪碧0xroot @cn0Xroot

[ WirelessSecurity ] How to get 3G working on the UmTRX https://fairwaves.co/blog/openbts-umts-3g-umtrx/ #3G #SDR #OpenBTS https://t.co/H0HXjZToWt

"How to get 3G working on the UmTRX： https://t.co/GsFWZVfogF "

2016/12/24